Release v6.24.0

CHANGELOG.md

@@ -1,6 +1,32 @@
 Changelog
 =========
 
+## v6.24.0 (6 October 2021)
+
+### Enhancements
+
+* Allow overriding an event's unhandled flag
+  | [#698](https://github.com/bugsnag/bugsnag-ruby/pull/698)
+* Add the ability to store metadata globally
+  | [#699](https://github.com/bugsnag/bugsnag-ruby/pull/699)
+* Add `cookies`, `body` and `httpVersion` to the automatically captured request data for Rack apps
+  | [#700](https://github.com/bugsnag/bugsnag-ruby/pull/700)
+* Add `Configuration#endpoints` for reading the notify and sessions endpoints and `Configuration#endpoints=` for setting them
+  | [#701](https://github.com/bugsnag/bugsnag-ruby/pull/701)
+* Add `Configuration#redacted_keys`. This is like `meta_data_filters` but matches strings with case-insensitive equality, rather than matching based on inclusion
+  | [#703](https://github.com/bugsnag/bugsnag-ruby/pull/703)
+* Allow pausing and resuming sessions, giving more control over the stability score
+  | [#704](https://github.com/bugsnag/bugsnag-ruby/pull/704)
+* Add `Configuration#vendor_paths` to replace `Configuration#vendor_path`
+  | [#705](https://github.com/bugsnag/bugsnag-ruby/pull/705)
+
+### Deprecated
+
+* In the next major release, `params` will only contain query string parameters. Currently it also contains the request body for form data requests, but this is deprecated in favour of the new `body` property
+* The `Configuration#set_endpoints` method is now deprecated in favour of `Configuration#endpoints=`
+* The `Configuration#meta_data_filters` option is now deprecated in favour of `Configuration#redacted_keys`
+* The `Configuration#vendor_path` option is now deprecated in favour of `Configuration#vendor_paths`
+
 ## v6.23.0 (21 September 2021)
 
 ### Enhancements

VERSION

@@ -1 +1 @@
-6.23.0
+6.24.0

features/fixtures/docker-compose.yml

@@ -5,7 +5,7 @@ services:
     image: redis
 
   postgres:
-    image: postgres
+    image: postgres:13
     environment:
       - POSTGRES_PASSWORD=test_password
 
@@ -35,6 +35,7 @@ services:
       - BUGSNAG_PROXY_PASSWORD
       - BUGSNAG_PROXY_PORT
       - BUGSNAG_PROXY_USER
+      - BUGSNAG_REDACTED_KEYS
       - BUGSNAG_RELEASE_STAGE
       - BUGSNAG_SEND_CODE
       - BUGSNAG_SEND_ENVIRONMENT
@@ -85,6 +86,7 @@ services:
     environment:
       - BUGSNAG_API_KEY
       - BUGSNAG_ENDPOINT
+      - BUGSNAG_METADATA_FILTERS
     restart: "no"
 
   rack2:
@@ -95,6 +97,7 @@ services:
     environment:
       - BUGSNAG_API_KEY
       - BUGSNAG_ENDPOINT
+      - BUGSNAG_METADATA_FILTERS
     restart: "no"
 
   rails3:

features/fixtures/plain/app/app.rb

@@ -22,6 +22,7 @@ def configure_using_environment
     conf.proxy_password = ENV["BUGSNAG_PROXY_PASSWORD"] if ENV.include? "BUGSNAG_PROXY_PASSWORD"
     conf.proxy_port = ENV["BUGSNAG_PROXY_PORT"] if ENV.include? "BUGSNAG_PROXY_PORT"
     conf.proxy_user = ENV["BUGSNAG_PROXY_USER"] if ENV.include? "BUGSNAG_PROXY_USER"
+    conf.redacted_keys << ENV["BUGSNAG_REDACTED_KEYS"] if ENV.include? "BUGSNAG_REDACTED_KEYS"
     conf.send_environment = ENV["BUGSNAG_SEND_ENVIRONMENT"] != "false"
     conf.send_code = ENV["BUGSNAG_SEND_CODE"] != "false"
     conf.timeout = ENV["BUGSNAG_TIMEOUT"] if ENV.include? "BUGSNAG_TIMEOUT"

features/fixtures/rack1/app/app.rb

@@ -1,11 +1,14 @@
 require 'bugsnag'
 require 'rack'
+require 'json'
 
 Bugsnag.configure do |config|
-  puts "Configuring `api_key` to #{ENV['BUGSNAG_API_KEY']}"
   config.api_key = ENV['BUGSNAG_API_KEY']
-  puts "Configuring `endpoint` to #{ENV['BUGSNAG_ENDPOINT']}"
   config.endpoint = ENV['BUGSNAG_ENDPOINT']
+
+  if ENV.key?('BUGSNAG_METADATA_FILTERS')
+    config.meta_data_filters = JSON.parse(ENV['BUGSNAG_METADATA_FILTERS'])
+  end
 end
 
 class BugsnagTests

features/fixtures/rack2/app/app.rb

@@ -1,11 +1,14 @@
 require 'bugsnag'
 require 'rack'
+require 'json'
 
 Bugsnag.configure do |config|
-  puts "Configuring `api_key` to #{ENV['BUGSNAG_API_KEY']}"
   config.api_key = ENV['BUGSNAG_API_KEY']
-  puts "Configuring `endpoint` to #{ENV['BUGSNAG_ENDPOINT']}"
   config.endpoint = ENV['BUGSNAG_ENDPOINT']
+
+  if ENV.key?('BUGSNAG_METADATA_FILTERS')
+    config.meta_data_filters = JSON.parse(ENV['BUGSNAG_METADATA_FILTERS'])
+  end
 end
 
 class BugsnagTests

features/plain_features/filters.feature

@@ -12,3 +12,10 @@ Scenario: Additional filters can be added to the filter list
   And I wait to receive a request
   Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
   And the event "metaData.filter.filter_me" equals "[FILTERED]"
+
+Scenario: Redacted keys can also be used to filter sensitive data
+  Given I set environment variable "BUGSNAG_REDACTED_KEYS" to "filter_me"
+  When I run the service "plain-ruby" with the command "bundle exec ruby filters/additional_filters.rb"
+  And I wait to receive a request
+  Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
+  And the event "metaData.filter.filter_me" equals "[FILTERED]"

features/rack.feature

@@ -2,7 +2,7 @@ Feature: Bugsnag raises errors in Rack
 
 Scenario: An unhandled RuntimeError sends a report
   Given I start the rack service
-  When I navigate to the route "/unhandled" on the rack app
+  When I navigate to the route "/unhandled?a=123&b=456" on the rack app
   And I wait to receive a request
   Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
   And the event "unhandled" is true
@@ -11,14 +11,129 @@ Scenario: An unhandled RuntimeError sends a report
   And the event "severityReason.attributes.framework" equals "Rack"
   And the event "app.type" equals "rack"
   And the exception "errorClass" equals "RuntimeError"
+  And the event "metaData.request.body" is null
+  And the event "metaData.request.clientIp" is not null
+  And the event "metaData.request.cookies" is null
+  And the event "metaData.request.headers.Host" is not null
+  And the event "metaData.request.headers.User-Agent" is not null
+  And the event "metaData.request.headers.Version" is not null
+  And the event "metaData.request.httpMethod" equals "GET"
+  And the event "metaData.request.httpVersion" matches "^HTTP/\d\.\d$"
+  And the event "metaData.request.params.a" equals "123"
+  And the event "metaData.request.params.b" equals "456"
+  And the event "metaData.request.referer" is null
+  And the event "metaData.request.url" ends with "/unhandled?a=123&b=456"
 
 Scenario: A handled RuntimeError sends a report
   Given I start the rack service
-  When I navigate to the route "/handled" on the rack app
+  When I navigate to the route "/handled?a=123&b=456" on the rack app
   And I wait to receive a request
   Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
   And the event "unhandled" is false
   And the event "severity" equals "warning"
   And the event "severityReason.type" equals "handledException"
   And the event "app.type" equals "rack"
   And the exception "errorClass" equals "RuntimeError"
+  And the event "metaData.request.body" is null
+  And the event "metaData.request.clientIp" is not null
+  And the event "metaData.request.cookies" is null
+  And the event "metaData.request.headers.Host" is not null
+  And the event "metaData.request.headers.User-Agent" is not null
+  And the event "metaData.request.headers.Version" is not null
+  And the event "metaData.request.httpMethod" equals "GET"
+  And the event "metaData.request.httpVersion" matches "^HTTP/\d\.\d$"
+  And the event "metaData.request.params.a" equals "123"
+  And the event "metaData.request.params.b" equals "456"
+  And the event "metaData.request.referer" is null
+  And the event "metaData.request.url" ends with "/handled?a=123&b=456"
+
+Scenario: A POST request with form data sends a report with the parsed request body attached
+  Given I start the rack service
+  When I send a POST request to "/unhandled?a=123&b=456" in the rack app with the following form data:
+    | name             | baba      |
+    | favourite_letter | z         |
+    | password         | password1 |
+  And I wait to receive a request
+  Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
+  And the event "metaData.request.body.name" equals "baba"
+  And the event "metaData.request.body.favourite_letter" equals "z"
+  And the event "metaData.request.body.password" equals "[FILTERED]"
+  And the event "metaData.request.clientIp" is not null
+  And the event "metaData.request.cookies" is null
+  And the event "metaData.request.headers.Host" is not null
+  And the event "metaData.request.headers.User-Agent" is not null
+  And the event "metaData.request.headers.Version" is not null
+  And the event "metaData.request.httpMethod" equals "POST"
+  And the event "metaData.request.httpVersion" matches "^HTTP/\d\.\d$"
+  And the event "metaData.request.params.a" equals "123"
+  And the event "metaData.request.params.b" equals "456"
+  And the event "metaData.request.referer" is null
+  And the event "metaData.request.url" ends with "/unhandled?a=123&b=456"
+
+Scenario: A POST request with JSON sends a report with the parsed request body attached
+  Given I start the rack service
+  When I send a POST request to "/unhandled?a=123&b=456" in the rack app with the following JSON:
+    | name             | baba      |
+    | favourite_letter | z         |
+    | password         | password1 |
+  And I wait to receive a request
+  Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
+  And the event "metaData.request.body.name" equals "baba"
+  And the event "metaData.request.body.favourite_letter" equals "z"
+  And the event "metaData.request.body.password" equals "[FILTERED]"
+  And the event "metaData.request.clientIp" is not null
+  And the event "metaData.request.cookies" is null
+  And the event "metaData.request.headers.Host" is not null
+  And the event "metaData.request.headers.User-Agent" is not null
+  And the event "metaData.request.headers.Version" is not null
+  And the event "metaData.request.httpMethod" equals "POST"
+  And the event "metaData.request.httpVersion" matches "^HTTP/\d\.\d$"
+  And the event "metaData.request.params.a" equals "123"
+  And the event "metaData.request.params.b" equals "456"
+  And the event "metaData.request.referer" is null
+  And the event "metaData.request.url" ends with "/unhandled?a=123&b=456"
+
+Scenario: A request with cookies will be filtered out by default
+  Given I start the rack service
+  When I navigate to the route "/unhandled?a=123&b=456" on the rack app with these cookies:
+    | a | b |
+    | c | d |
+    | e | f |
+  And I wait to receive a request
+  Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
+  And the event "metaData.request.cookie" is null
+  And the event "metaData.request.headers.Cookie" equals "[FILTERED]"
+  And the event "metaData.request.clientIp" is not null
+  And the event "metaData.request.headers.Host" is not null
+  And the event "metaData.request.headers.User-Agent" is not null
+  And the event "metaData.request.headers.Version" is not null
+  And the event "metaData.request.httpMethod" equals "GET"
+  And the event "metaData.request.httpVersion" matches "^HTTP/\d\.\d$"
+  And the event "metaData.request.params.a" equals "123"
+  And the event "metaData.request.params.b" equals "456"
+  And the event "metaData.request.referer" is null
+  And the event "metaData.request.url" ends with "/unhandled?a=123&b=456"
+
+Scenario: A request with cookies and no matching filter will set cookies in metadata
+  Given I set environment variable "BUGSNAG_METADATA_FILTERS" to '["password"]'
+  And I start the rack service
+  When I navigate to the route "/unhandled?a=123&b=456" on the rack app with these cookies:
+    | a | b |
+    | c | d |
+    | e | f |
+  And I wait to receive a request
+  Then the request is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier"
+  And the event "metaData.request.cookies.a" equals "b"
+  And the event "metaData.request.cookies.c" equals "d"
+  And the event "metaData.request.cookies.e" equals "f"
+  And the event "metaData.request.headers.Cookie" equals "a=b;c=d;e=f"
+  And the event "metaData.request.clientIp" is not null
+  And the event "metaData.request.headers.Host" is not null
+  And the event "metaData.request.headers.User-Agent" is not null
+  And the event "metaData.request.headers.Version" is not null
+  And the event "metaData.request.httpMethod" equals "GET"
+  And the event "metaData.request.httpVersion" matches "^HTTP/\d\.\d$"
+  And the event "metaData.request.params.a" equals "123"
+  And the event "metaData.request.params.b" equals "456"
+  And the event "metaData.request.referer" is null
+  And the event "metaData.request.url" ends with "/unhandled?a=123&b=456"

features/steps/ruby_notifier_steps.rb

@@ -1,3 +1,6 @@
+require "json"
+require "net/http"
+
 Then(/^the "(.+)" of the top non-bugsnag stackframe equals (\d+|".+")$/) do |element, value|
   stacktrace = read_key_path(Server.current_request[:body], 'events.0.exceptions.0.stacktrace')
   frame_index = stacktrace.find_index { |frame| ! /.*lib\/bugsnag.*\.rb/.match(frame["file"]) }
@@ -91,6 +94,37 @@
   }
 end
 
+When("I navigate to the route {string} on the rack app with these cookies:") do |route, data|
+  rack_version = ENV["RACK_VERSION"]
+  uri = URI("http://rack#{rack_version}:3000#{route}")
+
+  # e.g. { "a" => "b", "c" => "d" } -> "a=b;c=d"
+  cookie = data.rows_hash.map { |key, value| "#{key}=#{value}" }.join(";")
+
+  http = Net::HTTP.new(uri.host, uri.port)
+  request = Net::HTTP::Get.new(uri.request_uri)
+  request["Cookie"] = cookie
+
+  http.request(request)
+end
+
+When("I send a POST request to {string} in the rack app with the following form data:") do |route, data|
+  rack_version = ENV["RACK_VERSION"]
+  uri = URI("http://rack#{rack_version}:3000#{route}")
+
+  Net::HTTP.post_form(uri, data.rows_hash)
+end
+
+When("I send a POST request to {string} in the rack app with the following JSON:") do |route, data|
+  rack_version = ENV["RACK_VERSION"]
+
+  Net::HTTP.post(
+    URI("http://rack#{rack_version}:3000#{route}"),
+    JSON.generate(data.rows_hash),
+    { "Content-Type" => "application/json" }
+  )
+end
+
 Then("the payload field {string} matches the appropriate Sidekiq handled payload") do |field|
   # Sidekiq 2 doesn't include the "created_at" field
   created_at_present = ENV["SIDEKIQ_VERSION"] > "2"